cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
262
Views
0
Helpful
0
Replies
Highlighted
Beginner

Cisco ISE 2.1 posture with Aruba Wireless - EAP-chaining

Hi, 

We try to implement ISE 2.1 posture with  Aruba Controller/AP.

Does anyone have any experience how can we do it?

We use EAP-chaning, certificate auth for Machine, and password auth for user.

We can change the Role (from guest to Authenticated) with Aruba-User-Role Radius answer, we can send CoA, and normally we can 

succesfully manage the posture.

But - if user logged out from machine, and revert to Role back to Restricted (with succesful machine authentication),

and try to login again, the Aruba WLC (Assume the PMK caching) says "Setting cached role to guest for user <MAC>” , and the posture will not occured,

and the user stuck in Guest role despite of successfull authenticaton.

What is wrong with this? The ISE 2.1 Compatibility Matrix shows Aruba as supported OS.

Everyone's tags (1)